Abstract:
Aiming at the analyzing process of software binary patch, this paper proposes an instruction normalization algorithm to distinguish whether the corresponding basic blocks are reordered. Compared with the normally small prime algorithm, this algorithm is not limited to instruction numbers and does not fail to report the difference information. It has high efficiency and good effect. Initial experiments show that this algorithm can reduce the manual work to analyze difference information and help reverse engineering person quickly locate software difference.
Key words:
software patch comparison,
instruction reordering,
small prime algorithm,
instruction normalization
摘要: 针对软件二进制补丁分析过程,提出一种指令归一化算法,用于判别补丁前后的相应基本块内指令是否发生重排序。与常用的小素数法相比,该算法不受基本块内指令条数的限制,不会导致差异信息漏报,且效率较高、效果良好。初步实验证明,该算法减少了人工分析差异信息的工作量,可以帮助逆向分析人员快速定位软件差异。
关键词:
软件补丁比对,
指令重排列,
小素数法,
指令归一化
CLC Number:
CHEN E-Nan, DIAO Rong-Cai, WANG Xiao-Qin, LIN Hua, LIU Zhen-Hua, ZHANG Xin-Yu, LI Feng-Fei. Instruction Normalization Algorithm in Binary Patch Comparison[J]. Computer Engineering, 2010, 36(15): 46-48.
沈亚楠, 赵荣彩, 王小芹, 任华, 刘振华, 张新宇, 李鹏飞. 二进制补丁比对中的指令归一化算法[J]. 计算机工程, 2010, 36(15): 46-48.